@UNIX ajohnson is right. We're in the process of getting Peter from Corelan to come to the office for a brain-melting two-day training session. I've got my eyes set on the OSWE and OSEE, if they don't kill me first.

Oh, that's great. Please be sure to write a review about his course too, as I'd be interested to read about how it is compared to CTP, AWE, and other similar courses. I'd also be interested to read about how much additional material is covered, which is not already present in his tutorials (like the module on Windows 8). He covers quite a few topics in a rather short amount of time, but so far all reviews I've read about his course were very positive.

Building a Metasploit Module: The candidate will demonstrate a high-level understanding of how to create a Metasploit module

Q: How does this differ from the msf module in the OSCP?

Python and Scapy For Pen Testers: The candidate will demonstrate an understanding of the ability to read and modify Python scripts and packet crafting using Scapy to enhance functionality as required during a penetration test

Q: How deep do you go into using scapy?

Advanced Stack Smashing: The candidate will demonstrate an understanding of how to write advanced stack overflow exploits against canary-protected programs and ASLR

Q: Is this partial overwrite technique?

In terms of value for money, which would you say would better suit a pentester, the OSCE or GXPN?

Last edited by Dark_Knight on Tue Oct 23, 2012 12:03 pm, edited 1 time in total.

I took OSCP v3.0 and I don't recall any msf sections outside of basic usage. The SANS module is only 15 pages, but it's more about porting an existing PoC to a msf module.

Q: How deep do you go into using scapy?

Pretty basic, but it will get you comfortable which is enough to probably do anything you want.

Q: Is this partial overwrite technique?

This is specific to *nix exploitation and walks through defeating Linux SSP. It's pretty cool stuff.

In terms of value for money, which would you say would better suit a pentester, the OSCE or GXPN?

Good question. I think if your goal is to become a better pen tester, definitely go with GXPN. There are a lot of practical techniques you can immediately walk away with and use. If your goal is to become a better exploit developer, go with both courses...

Also, if you're looking for more advanced MitM attacks (and haven't seen it already), check out Ryan Linn's DerbyCon talk where they embedded Lua in Ettercap. I haven't had a chance to play around with it personally, but it looks pretty cool.